docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Fire And Forget AcessDeniedException

Open muhajirdev opened this issue 4 years ago • 2 comments

File: docs/guides/crosswalk/aws/ecs.md

const api = new awsx.apigateway.API("hello-world-api", {
    routes: [{
        path: "/hello",
        method: "GET",
        eventHandler: async (req) => {
            // Anytime someone hits the /hello endpoint, schedule our task.
            const result = await helloTask.run({ cluster });
            return { statusCode: 200, body: "OK" };
        },
    }],
});

I got this error with thie line of code

{
    "errorType": "AccessDeniedException",
    "errorMessage": "User: arn:aws:sts::680928640442:assumed-role/trigger-buildfc45ff03-8a0677d/trigger-buildfc45ff03-ea7b647 is not authorized to perform: ecs:RunTask on resource: arn:aws:ecs:us-west-2:680928640442:task-definition/build-bitstream-aece9bcd:1",
    "code": "AccessDeniedException",
    "message": "User: arn:aws:sts::680928640442:assumed-role/trigger-buildfc45ff03-8a0677d/trigger-buildfc45ff03-ea7b647 is not authorized to perform: ecs:RunTask on resource: arn:aws:ecs:us-west-2:680928640442:task-definition/build-bitstream-aece9bcd:1",
    "time": "2020-04-07T02:46:20.519Z",
    "requestId": "68aa9b2f-e330-42c0-ad0c-ba127279b7b4",
    "statusCode": 400,
    "retryable": false,
    "retryDelay": 31.98567057234596,
    "stack": [
        "AccessDeniedException: User: arn:aws:sts::680928640442:assumed-role/trigger-buildfc45ff03-8a0677d/trigger-buildfc45ff03-ea7b647 is not authorized to perform: ecs:RunTask on resource: arn:aws:ecs:us-west-2:680928640442:task-definition/build-bitstream-aece9bcd:1",
        "    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:51:27)",
        "    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)",
        "    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)",
        "    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)",
        "    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)",
        "    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)",
        "    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10",
        "    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)",
        "    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)",
        "    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
    ]
}

muhajirdev avatar Apr 07 '20 03:04 muhajirdev

Just hit the same issue:

{
    "errorType": "AccessDeniedException",
    "errorMessage": "User: arn:aws:sts::554523412554:assumed-role/batch-poc-schedule-a1297ba/batch-poc-schedule-325ae24 is not authorized to perform: ecs:RunTask on resource: arn:aws:ecs:us-east-1:554523412554:task-definition/batch-poc-aece9bcd:1",
    "code": "AccessDeniedException",
    "message": "User: arn:aws:sts::554523412554:assumed-role/batch-poc-schedule-a1297ba/batch-poc-schedule-325ae24 is not authorized to perform: ecs:RunTask on resource: arn:aws:ecs:us-east-1:554523412554:task-definition/batch-poc-aece9bcd:1",
    "time": "2021-04-08T10:05:54.888Z",
    "requestId": "978fa4d1-33fb-486e-98e6-1c9d44526469",
    "statusCode": 400,
    "retryable": false,
    "retryDelay": 3.7942372227858234,
    "stack": [
        "AccessDeniedException: User: arn:aws:sts::554523412554:assumed-role/batch-poc-schedule-a1297ba/batch-poc-schedule-325ae24 is not authorized to perform: ecs:RunTask on resource: arn:aws:ecs:us-east-1:554523412554:task-definition/batch-poc-aece9bcd:1",
        "    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27)",
        "    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)",
        "    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)",
        "    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)",
        "    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)",
        "    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)",
        "    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10",
        "    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)",
        "    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)",
        "    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
    ]
}

brainoutsource avatar Apr 08 '21 10:04 brainoutsource

I've raised an issue in the main Pulumi repo as it seems to be code issue rather than a documentation one: https://github.com/pulumi/pulumi/issues/6725

brainoutsource avatar Apr 08 '21 10:04 brainoutsource